Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Microsoft patches the Autorun hole

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg |

Microsoft has released patches to its Windows operating system which restricts the AutoRun entries in the AutoPlay dialog to only CD and DVD drives. Windows includes a feature known as “AutoRun” which lets automatic arbitrary code execution when removable devices are connected to the computer. Inserting a CD, DVD, USB and Firewire device or even mapping a network device may trigger the “autorun”.

This feature is utilized by the malware authors to develop a class of malware known as “autorun malware”. Conficker worm is one well known example of this type of malware. Recently Trend Micro researchers have detected that in the first two quarters of 2009, most Asian countries have autorun malware as their top infectors.

The patches released by Microsoft lowers the risk and reduces the attack surface. Note that an USB drive can be configured to masquerade as a CD.

Head over to Microsoft and install the patches.

Update for Windows XP (KB971029)

Update for Windows Vista (KB971029)

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: